Passlet, currently in its beta stage, is an online password manager. Unlike other password managers, it does not require you to disclose your master password to anyone, including its own server. This is done by performing all encryption and decryption operations exclusively within your browser.
Passlet uses the strongest form of encryption, the Advanced Encryption Standard (AES). This encryption is performed completely within your browser. It uses the industry-standard key derivation function PBKDF2 (cf. RFC 2898) to obtain a 128-bit AES key from your master password. This key derivation is also performed completely within your browser.
Once your passwords are stored, Passlet, with its unique approach, allows you to access them from any browser in the world while at the same time making your information impossible to read outside that browser. It does this by performing all encryption and decryption operations within the browser itself, making sure that your password and derived encryption key never leave your computer. It is therefore imperative that you use a trusted computer to access Passlet.
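The flow described above, sketched with today's Web Crypto API as an added example (this is not Passlet's own code). The AES-GCM mode, PBKDF2-HMAC-SHA-256, the iteration count, the salt and IV sizes, and all function names are assumptions; the page specifies only AES, PBKDF2 and a 128-bit key.

```javascript
// Added example: host-proof storage with the Web Crypto API (not Passlet's code).
// Assumptions: AES-GCM mode, PBKDF2-HMAC-SHA-256, 600000 iterations, 16-byte salt.
const ITERATIONS = 600000;
const enc = new TextEncoder();
const dec = new TextDecoder();

// Browsers expose globalThis.crypto; the import is only a fallback for older Node.
async function webCrypto() {
  return globalThis.crypto ?? (await import('node:crypto')).webcrypto;
}

const toHex = (buf) =>
  Array.from(new Uint8Array(buf), (b) => b.toString(16).padStart(2, '0')).join('');
const fromHex = (hex) =>
  Uint8Array.from(hex.match(/../g), (h) => parseInt(h, 16));

// PBKDF2 (RFC 2898) turns the master password into a 128-bit AES key.
async function deriveKey(masterPassword, salt) {
  const { subtle } = await webCrypto();
  const material = await subtle.importKey(
    'raw', enc.encode(masterPassword), 'PBKDF2', false, ['deriveKey']);
  return subtle.deriveKey(
    { name: 'PBKDF2', hash: 'SHA-256', salt, iterations: ITERATIONS },
    material,
    { name: 'AES-GCM', length: 128 },
    false, // non-extractable: page script cannot export the raw key bytes
    ['encrypt', 'decrypt']);
}

// Returns the only data the server ever receives: salt, IV and ciphertext.
async function sealEntry(masterPassword, plaintext) {
  const c = await webCrypto();
  const salt = c.getRandomValues(new Uint8Array(16));
  const iv = c.getRandomValues(new Uint8Array(12)); // fresh IV per encryption
  const key = await deriveKey(masterPassword, salt);
  const ct = await c.subtle.encrypt({ name: 'AES-GCM', iv }, key, enc.encode(plaintext));
  return { salt: toHex(salt), iv: toHex(iv), ct: toHex(ct) };
}

// Runs in the browser after fetching the record; a wrong password rejects
// because the GCM authentication tag does not verify.
async function openEntry(masterPassword, record) {
  const { subtle } = await webCrypto();
  const key = await deriveKey(masterPassword, fromHex(record.salt));
  const pt = await subtle.decrypt(
    { name: 'AES-GCM', iv: fromHex(record.iv) }, key, fromHex(record.ct));
  return dec.decode(pt);
}
```

The record returned by `sealEntry` is what would be uploaded; the master password and derived key exist only in the page's memory, which is why the trusted-computer requirement above still applies.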
Other services also offer online password management:
Agatra: Agatra securely organizes your passwords for sites you routinely log into. It even logs you in to a lot of them automatically. You can use Agatra from any computer with an internet connection, not just your personal computer. Agatra takes you directly to the information you care about.
It uses the Blowfish symmetric block cipher encryption technology. It’s so secure that not even employees of Agatra can gain access to your passwords. It is actually using an AES SSL certificate for all pages that require or display sensitive information. All of our other pages use alternative forms of security to validate a user’s identity.
Halfnote: is a (very) simple notepad you can access from anywhere. Once you create an account, your stuff will be encrypted using your password. This means that when I’m feeling nosey and poking around the database, I won’t be able to read your secret plans. Huzzah!
Passlet is a closer example of the Host-Proof Hosting pattern than Agatra and Halfnote. Parvez says, “While I was reading it, I couldn’t help but smile: your design pattern is a generalization of what I was thinking in the specific context of a password manager. And now you have a real-world example of this design pattern!”
“It is often necessary to derive an encryption key from a password. Passwords are easy for humans to remember whereas keys are needed in encryption schemes. A standard mechanism for performing a key derivation is given in RFC 2898.”